package org.hyn.gateway.socket.handlers;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import org.hyn.gateway.mapping.HttpStatement;
import org.hyn.gateway.session.Configuration;
import org.hyn.gateway.socket.BaseHandler;
import org.hyn.gateway.socket.agreement.AgreementConstants;
import org.hyn.gateway.socket.agreement.GatewayResultMessage;
import org.hyn.gateway.socket.agreement.ResponseParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * @author franyhu
 * @description 鉴权
 * @date 2025/3/17
 */
public class AuthorizationHandler extends BaseHandler<FullHttpRequest> {

    private final Logger logger = LoggerFactory.getLogger(AuthorizationHandler.class);

    private final Configuration configuration;

    public AuthorizationHandler(Configuration configuration) {
        this.configuration = configuration;
    }

    @Override
    protected void session(ChannelHandlerContext ctx, Channel channel, FullHttpRequest request) {
        logger.info("网关接受请求【鉴权】 uri:{} method:{}", request.uri(), request.method());

        try {
            HttpStatement httpStatement = channel.attr(AgreementConstants.HTTP_STATEMENT).get();
            if (httpStatement.isAuth()) {
                try {
                    // 鉴权信息
                    String uId = request.headers().get("uId");
                    String token = request.headers().get("token");
                    // 鉴权判断
                    if (null == token || token.isEmpty()) {
                        DefaultFullHttpResponse response = new ResponseParser().parse(
                                GatewayResultMessage.buildError(AgreementConstants.ResponseCode._400.getCode(), "抱歉，您的token不合法")
                        );
                        channel.writeAndFlush(response);
                    }
                    // 鉴权处理 shiro + jwt
                    boolean status = configuration.authValidate(uId, token);
                    // 鉴权成功 - 直接放行
                    if (status) {
                        request.retain();
                        ctx.fireChannelRead(request);
                    } else {
                        // 鉴权失败 处理
                        DefaultFullHttpResponse response = new ResponseParser().parse(
                                GatewayResultMessage.buildError(AgreementConstants.ResponseCode._403.getCode(), "抱歉，您无权访问此接口")
                        );
                        channel.writeAndFlush(response);
                    }
                } catch (Exception e) {
                    DefaultFullHttpResponse response = new ResponseParser().parse(
                            GatewayResultMessage.buildError(AgreementConstants.ResponseCode._403.getCode(), "抱歉，您的鉴权不合法")
                    );
                    channel.writeAndFlush(response);
                }
            } else {
                // 对无须鉴权的进行放行
                request.retain();
                ctx.fireChannelRead(request);
            }
        } catch (Exception e) {
            DefaultFullHttpResponse response = new ResponseParser().parse(
                    GatewayResultMessage.buildError(AgreementConstants.ResponseCode._500.getCode(), "网关协议调用失败 " + e.getMessage())
            );
            channel.writeAndFlush(response);
        }
    }
}
